How Spikeball Dropped Their Phishing Susceptibility Rate by 30% In 6 Months
Headquartered in Chicago, the team at Spikeball Inc. is on a mission to build the next great American sport. If you haven’t heard of Spikeball™, it’s a four-player game the company describes on its website as “if volleyball and foursquare had a baby.”
Spikeball Inc. is a startup in every sense. With employees located all over the U.S., technology — and cybersecurity — plays a critical role at the company. To educate its remote team about the risks of security threats like phishing, Spikeball’s COO tasked Event Operations Manager Logan Cornelius with finding a security awareness training platform in early 2018.
We met with Logan to learn why he selected Infosec IQ as Spikeball’s awareness training platform and how he’s since used Infosec IQ to drop his team’s phishing susceptibility rate by 30% in just six short months.
Why Did Spikeball First Start Looking for a Security Awareness Training Solution?
Logan: Our COO put together a security team to help evaluate our digital security and look for ways we could improve. One of the first things we considered pursuing was security awareness training for our team. A lot of the programs we use at Spikeball have built-in security measures designed to protect data, but if the end user doesn’t know how to avoid things like phishing emails, those measures won’t always work. Since we do most of our business online, we wanted to be proactive and teach our team how to operate securely.
I also took security awareness training at college, and have several friends at other companies with security awareness training programs in place. I started looking around for an easy way to test and educate our employees. That’s how we found Infosec IQ.
Why Did You Pick Infosec IQ as Your Awareness Training Platform?
Logan: I looked around at a few other platforms but picked Infosec IQ because of its automation capabilities and value. It was more affordable than a lot of the other programs we looked at, and after the demo, I knew I could managed it on my own without dedicating too much time to the program. I only have to log in to the program a few times a month to set up new campaigns, and the automation tools handle the rest. It’s pretty powerful — performance analytics are easy to pull as well.
What’s Your Training Program Look Like?
Logan: We run new phishing simulations and awareness training campaigns every month. I follow training recommendations from the Infosec IQ 12-Month Awareness Plan, which makes it easy for me to select phishing templates and modules and get them out to the team.
Infosec IQ will send automatic training completion reminders to everyone from the system, but I also like to send reminders directly to the team. I let them know what the training will focus on in the beginning of the month, and also send a reminder or two near the end of every month.
What Results Have You Seen From Your Awareness Training Program?
Logan: Our phishing susceptibility rate dropped 30% in the first six months. No one clicked on the phishing simulations last month — they’re doing really well.
Do Your End Users Like the Training?
Logan: They do. They give me feedback all the time about the training and I sometimes receive personal emails about the phishing simulations. It has become a bit of a game for us. People don’t want to get tricked by the phishing emails and I can tell they are disappointed when they do. The team is really into it — they are connecting over the training and learning from each other. I even had a coworker personally thank me for the training because it’s helping him stay more secure outside of work as well.
I’ve noticed it myself. My wife recently got an Apple phishing email and I was able to prevent her from getting phished. We’re all a lot more aware of threats like phishing since starting the Infosec IQ training program.
Do You Have Any Special Initiatives In Place to Encourage Secure Behavior?
Logan: Not specifically — but I’d like to start something in the future. Right now, I make a point of sharing results in our communications channel so everyone can see the progress we’re making. I think it’s good to share results and acknowledge when people are doing a good job.
Do You Have Any Tips for Others Looking for Awareness Training Solutions?
Logan: If you’re like me and don’t have a lot of time to dedicate to managing a program, find something powerful like Infosec IQ that can really help people learn without having to take up too much of your time. If you think you need a security awareness training program — and you probably do — find one now before it’s too late. And if you’re worried about it taking up too much of your time, find something with powerful automation capabilities so you can get it set up and let it run on its own.
Would You Recommend Infosec IQ to Your Peers or Colleagues?
Logan: Yes, I would.